1c1
< 2002-10-21 Johan Danielsson <joda@pdc.kth.se>
---
> 2003-05-08 Johan Danielsson <joda@ratatosk.pdc.kth.se>
3c3
< * lib/krb5/store_emem.c: pull up 1.13; limit how much we allocate
---
> * Release 0.6
5,6c5
< * lib/krb5/principal.c: pull up 1.82; don't allow trailing
< backslashes in components
---
> 2003-05-08 Love H�rnquist �strand <lha@it.su.se>
8c7,8
< * lib/krb5/keytab_keyfile.c: pull up 1.15; more strcspn
---
> * kuser/klist.c: 1.68->1.69: print tokens even if there isn't v4
> support
10,11c10,11
< * lib/krb5/keytab_any.c: pull up 1.7; properly close the open
< keytabs
---
> * kuser/kdestroy.c: 1.14->1.15: destroy tokens even if there isn't
> v4 support
13,14c13,14
< * kdc/connect.c: pull up 1.87; check that %-quotes are followed by
< two hex digits
---
> * kuser/kinit.c: 1.90->1.91: print tokens even if there isn't v4
> support
16,17c16
< * lib/krb5/prompter_posix.c: pull up 1.7; use strcspn to convert
< the newline to NUL in fgets results.
---
> 2003-05-06 Johan Danielsson <joda@pdc.kth.se>
19,20c18,19
< * lib/krb5/kuserok.c: pull up 1.6; use strcspn to convert the
< newline to NUL in fgets results.
---
> * lib/krb5/name-45-test.c: need to use empty krb5.conf for some
> tests
22,23c21,23
< * lib/krb5/keytab_file.c: pull up 1.12; check return value from
< start_seq_get
---
> * lib/asn1/check-gen.c: there is no \e escape sequence; replace
> everything with hex-codes, and cast to unsigned char* to make some
> compilers happy
25,26c25
< * lib/krb5/context.c: pull up 1.82; return ENXIO instead of ENOENT
< when "unconfigured"
---
> 2003-05-06 Love H�rnquist �strand <lha@it.su.se>
28,29c27,30
< * lib/krb5/changepw.c: pull up 1.38; fix reply length check
< calculation
---
> * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
> argument to krb5_us_timeofday have correct type
>
> 2003-05-05 Assar Westerlund <assar@kth.se>
31c32
< * kuser/klist.c: pull up 1.68; allow tokens up to size of buffer
---
> * include/make_crypto.c (main): include aes.h if ENABLE_AES
33c34
< * kdc/kaserver.c: pull up 1.21; make sure life is positive
---
> 2003-05-05 Love H�rnquist �strand <lha@it.su.se>
35c36,38
< * fix-export: pull up 1.28; remove autom4ate.cache
---
> * NEWS: 1.108->1.110: fix text about gssapi compat
>
> 2003-04-28 Love H�rnquist �strand <lha@it.su.se>
37c40,41
< 2002-09-10 Johan Danielsson <joda@pdc.kth.se>
---
> * kdc/v4_dump.c: 1.4->1.5: (v4_prop_dump): limit strings length,
> from openbsd
39c43
< * Release 0.5
---
> 2003-04-24 Love H�rnquist �strand <lha@it.su.se>
41c45,46
< * include/make_crypto.c: don't use function macros if possible
---
> * doc/programming.texi: 1.2-1.3: s/managment/management/, from jmc
> <jmc@prioris.mini.pw.edu.pl>
43c48
< * lib/krb5/krb5_locl.h: get limits.h for UINT_MAX
---
> 2003-04-22 Love H�rnquist �strand <lha@it.su.se>
45c50,51
< * include/Makefile.am: use make_crypto to create crypto-headers.h
---
> * lib/krb5/krbhst.c: 1.43->1.44: copy NUL too, from janj@wenf.org
> via openbsd
47c53
< * include/make_crypto.c: crypto header generation tool
---
> 2003-04-17 Love H�rnquist �strand <lha@it.su.se>
49,51c55,65
< * configure.in: move crypto test to just after testing for krb4,
< and move roken tests to after both, this speeds up various failure
< cases with krb4
---
> * lib/asn1/der_copy.c (copy_general_string): use strdup
> * lib/asn1/der_put.c: remove sprintf
> * lib/asn1/gen.c: remove strcpy/sprintf
>
> * lib/krb5/name-45-test.c: use a more unique name then ratatosk so
> that other (me) have such hosts in the local domain and the tests
> fails, to take hokkigai.pdc.kth.se instead
>
> * lib/krb5/test_alname.c: add --version and --help
>
> 2003-04-16 Love H�rnquist �strand <lha@it.su.se>
53c67,76
< * lib/krb5/config_file.c: don't use NULL when we mean 0
---
> * lib/krb5/krb5_warn.3: add krb5_get_err_text
>
> * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
> * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
> * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
> strlcpy, from openbsd
> * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
> * appl/kf/kfd.c: use strlcpy, from openbsd
>
> 2003-04-16 Johan Danielsson <joda@pdc.kth.se>
55,56c78,80
< * configure.in: we don't set package_libdir anymore, so no point
< in testing for it
---
> * configure.in: fix for large file support in AIX, _LARGE_FILES
> needs to be defined on the command line, since lex likes to
> include stdio.h before we get to config.h
58c82,88
< * tools/Makefile.am: subst INCLUDE_des
---
> 2003-04-16 Love H�rnquist �strand <lha@it.su.se>
>
> * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
> from Thomas Klausner <wiz@netbsd.org>
>
> * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
> <wiz@netbsd.org>
60c90
< * tools/krb5-config.in: add INCLUDE_des to cflags
---
> 2003-04-15 Love H�rnquist �strand <lha@it.su.se>
62c92,94
< * configure.in: use AC_CONFIG_SRCDIR
---
> * kdc/kerberos5.c: fix some more memory leaks
>
> 2003-04-11 Love H�rnquist �strand <lha@it.su.se>
64c96,98
< * fix-export: remove some unneeded stuff
---
> * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
>
> 2003-04-08 Love H�rnquist �strand <lha@it.su.se>
66c100,102
< * kuser/kinit.c (do_524init): free principals
---
> * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl>
>
> 2003-04-06 Love H�rnquist �strand <lha@it.su.se>
68c104,112
< 2002-09-09 Jacques Vidrine <nectar@kth.se>
---
> * lib/krb5/krb5.3: s/kerberos/Kerberos/
> * lib/krb5/krb5_data.3: s/kerberos/Kerberos/
> * lib/krb5/krb5_address.3: s/kerberos/Kerberos/
> * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
> * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
> * kuser/kinit.1: s/kerberos/Kerberos/
> * kdc/kdc.8: s/kerberos/Kerberos/
>
> 2003-04-01 Love H�rnquist �strand <lha@it.su.se>
70,76c114,118
< * kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
< kdc/kaserver.c (krb5_ret_xdr_data),
< lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
< counts: Check that they are non-negative, and that they are small
< enough to avoid integer overflow when used in memory allocation
< calculations. Potential problem areas pointed out by
< Sebastian Krahmer <krahmer@suse.de>.
---
> * lib/krb5/test_alname.c: more krb5_aname_to_localname tests
>
> * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
> converting too root, make sure user is ok according to
> krb5_kuserok before allowing it.
78,79c120,127
< * lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
< creating a new keyfile.
---
> * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname
>
> * lib/krb5/test_alname.c: add test for krb5_aname_to_localname
>
> * lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1
> instead of the "illegal" salt #~, same change as kth-krb did
> 1999. Problems occur with crypt() that behaves like AT&T crypt
> (openssl does this). Pointed out by Marcus Watts.
81c129,134
< 2002-09-09 Johan Danielsson <joda@pdc.kth.se>
---
> * admin/change.c (kt_change): collect all principals we are going
> to change, and pick the highest kvno and use that to guess what
> kvno the resulting kvno is going to be. Now two ktutil change in a
> row works. XXX fix the protocol to pass the kvno back.
>
> 2003-03-31 Love H�rnquist �strand <lha@it.su.se>
83c136,138
< * configure.in: don't try to build pam module
---
> * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl>
>
> 2003-03-30 Love H�rnquist �strand <lha@it.su.se>
85c140,141
< 2002-09-05 Johan Danielsson <joda@pdc.kth.se>
---
> * doc/setup.texi: add description on how to turn on v4, 524 and
> kaserver support
87c143
< * appl/kf/kf.c: fix warning string
---
> 2003-03-29 Love H�rnquist �strand <lha@it.su.se>
89,90c145,146
< * lib/krb5/log.c (krb5_vlog_msg): delay message formating till we
< know we need it
---
> * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
> and afs-use-524
92c148
< 2002-09-04 Assar Westerlund <assar@kth.se>
---
> 2003-03-28 Love H�rnquist �strand <lha@it.su.se>
94c150,151
< * kdc/kerberos5.c (encode_reply): correct error logging
---
> * kdc/kerberos5.c (as_rep): when the second enctype_to_string
> failes, remember to free memory from the first enctype_to_string
96c153,155
< 2002-09-04 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
> from Harald Joerg <harald.joerg@fujitsu-siemens.com>
> (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc
98c157,160
< * lib/krb5/sendauth.c: close ccache if we opened it
---
> * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
> length when key is longer then expected length, its probably
> longer since the encrypted data was padded, reported by Aidan
> Cully <aidan@kublai.com>
100c162,165
< * appl/kf/kf.c: handle new protocol
---
> * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
> encyption type, inspired by Aidan Cully <aidan@kublai.com>
>
> 2003-03-27 Love H�rnquist �strand <lha@it.su.se>
102,104c167,171
< * appl/kf/kfd.c: use krb5_err instead of sysloging directly,
< handle the new protocol, and bail out if an old client tries to
< connect
---
> * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
> (wildcard kvno) after principal when the keytab entry isn't found,
> reported by Chris Chiappa <chris@chiappa.net>
>
> 2003-03-26 Love H�rnquist �strand <lha@it.su.se>
106c173,174
< * appl/kf/kf_locl.h: we need a protocol version string
---
> * doc/misc.texi: update 2b example to match reality (from
> mattiasa@e.kth.se)
108c176,177
< * lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE
---
> * doc/misc.texi: spelling and add `Configuring AFS clients'
> subsection
110c179
< * kdc/kerberos5.c: use ASN1_MALLOC_ENCODE
---
> 2003-03-25 Love H�rnquist �strand <lha@it.su.se>
112c181,184
< * kdc/hprop.c: set AP_OPTS_USE_SUBKEY
---
> * lib/krb5/krb5.3: add krb5_free_data_contents.3
>
> * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
> API
114,121c186,187
< * lib/hdb/common.c: use ASN1_MALLOC_ENCODE
<
< * lib/asn1/gen.c: add convenience macro that allocates a buffer
< and encoded into that
<
< * lib/krb5/get_cred.c (init_tgs_req): use
< in_creds->session.keytype literally instead of trying to convert
< to a list of enctypes (it should already be an enctype)
---
> * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
> with MIT API
123c189,192
< * lib/krb5/get_cred.c (init_tgs_req): init ret
---
> * lib/krb5/krb5_verify_user.3: write more about how the ccache
> argument should be inited when used
>
> 2003-03-25 Johan Danielsson <joda@pdc.kth.se>
125c194,196
< 2002-09-03 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/addr_families.c (krb5_print_address): make sure
> print_addr is defined for the given address type; make addrports
> printable
127c198
< * lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC
---
> * kdc/string2key.c: print the used enctype for kerberos 5 keys
129c200
< * lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC
---
> 2003-03-25 Love H�rnquist �strand <lha@it.su.se>
131,132c202,204
< * lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
< zero ivec in DES3_CBC_encrypt if passed ivec is NULL
---
> * lib/krb5/aes-test.c: add another arcfour test
>
> 2003-03-22 Love H�rnquist �strand <lha@it.su.se>
134,135c206,210
< * lib/krb5/Makefile.am: back out 1.144, since it will re-create
< krb5-protos.h at build-time, which requires perl, which is bad
---
> * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5
>
> 2003-03-20 Love H�rnquist �strand <lha@it.su.se>
>
> * lib/krb5/krb5_ccache.3: update .Dd
137,138c212
< * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
< blindly use the local subkey
---
> * lib/krb5/krb5.3: sort in krb5_data functions
140,141c214
< * lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
< extracts the required blocksize from a crypto context
---
> * lib/krb5/Makefile.am (man_MANS): += krb5_data.3
143,144c216
< * lib/krb5/build_auth.c: just get the length of the encoded
< authenticator instead of trying to grow a buffer
---
> * lib/krb5/krb5_data.3: document krb5_data
146c218,221
< 2002-09-03 Assar Westerlund <assar@kth.se>
---
> * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
> prompter is NULL, don't try to ask for a password to
> change. reported by Iain Moffat @ ufl.edu via Howard Chu
> <hyc@highlandsun.com>
148,149c223
< * configure.in: add --disable-mmap option, and tests for
< sys/mman.h and mmap
---
> 2003-03-19 Love H�rnquist �strand <lha@it.su.se>
151c225,226
< 2002-09-03 Jacques Vidrine <nectar@kth.se>
---
> * lib/krb5/krb5_keytab.3: spelling, from
> <jmc@prioris.mini.pw.edu.pl>
153c228,231
< * lib/krb5/changepw.c: verify lengths in response
---
> * lib/krb5/krb5.conf.5: . means new line
>
> * lib/krb5/krb5.conf.5: spelling, from
> <jmc@prioris.mini.pw.edu.pl>
155,156c233,234
< * lib/asn1/der_get.c (decode_integer, decode_unsigned): check for
< truncated integers
---
> * lib/krb5/krb5_auth_context.3: spelling, from
> <jmc@prioris.mini.pw.edu.pl>
158c236
< 2002-09-02 Johan Danielsson <joda@pdc.kth.se>
---
> 2003-03-18 Love H�rnquist �strand <lha@it.su.se>
160,161c238,242
< * lib/krb5/mk_req_ext.c: generate a local subkey if
< AP_OPTS_USE_SUBKEY is set
---
> * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5
>
> * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time
>
> * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time
163,164c244,250
< * lib/krb5/build_auth.c: we don't have enough information about
< whether to generate a local subkey here, so don't try to
---
> * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out
> #ifdef KRB4 from enable_v4_cross_realm since 524 needs it
>
> * kdc/config.c: 524 is independent of kerberos 4, so move out
> enable_v4_cross_realm from #ifdef KRB4 since 524 needs it
>
> 2003-03-17 Assar Westerlund <assar@kth.se>
166,167c252,258
< * lib/krb5/auth_context.c: new function
< krb5_auth_con_generatelocalsubkey
---
> * kdc/kdc.8: document --kerberos4-cross-realm
> * kdc/kerberos4.c: pay attention to enable_v4_cross_realm
> * kdc/kdc_locl.h (enable_v4_cross_realm): add
> * kdc/524.c (encode_524_response): check the enable_v4_cross_realm
> flag before giving out v4 tickets for foreign v5 principals
> * kdc/config.c: add --enable-kerberos4-cross-realm option (default
> to off)
169,170c260
< * lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an
< initial ticket
---
> 2003-03-17 Love H�rnquist �strand <lha@it.su.se>
172,173c262,265
< * lib/krb5/context.c (init_context_from_config_file): simplify
< initialisation of srv_lookup
---
> * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3
>
> * lib/krb5/krb5_aname_to_localname.3: manpage for
> krb5_aname_to_localname
175c267,269
< * lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY
---
> * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/
>
> 2003-03-16 Love H�rnquist �strand <lha@it.su.se>
177c271
< * lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY
---
> * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3
179c273
< 2002-08-30 Assar Westerlund <assar@kth.se>
---
> * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3
181,184c275,278
< * lib/krb5/name-45-test.c: also test krb5_524_conv_principal
< * lib/krb5/Makefile.am (TESTS): add name-45-test
< * lib/krb5/name-45-test.c: add testcases for
< krb5_425_conv_principal
---
> * lib/krb5/krb5_set_default_realm.3: Manpage for
> krb5_free_host_realm, krb5_get_default_realm,
> krb5_get_default_realms, krb5_get_host_realm, and
> krb5_set_default_realm.
186c280,281
< 2002-08-29 Assar Westerlund <assar@kth.se>
---
> * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado
> <sobrado@acm.org> via NetBSD
188,245c283
< * lib/krb5/parse-name-test.c: also test unparse_short functions
< * lib/asn1/asn1_print.c: use com_err/error_message API
< * lib/krb5/Makefile.am: add parse-name-test
< * lib/krb5/parse-name-test.c: add a program for testing parsing
< and unparsing principal names
<
< 2002-08-28 Assar Westerlund <assar@kth.se>
<
< * kdc/config.c: add missing ifdef DAEMON
<
< 2002-08-28 Johan Danielsson <joda@pdc.kth.se>
<
< * configure.in: use rk_SUNOS
<
< * kdc/config.c: add detach options
<
< * kdc/main.c: maybe detach from console?
<
< * kdc/kdc.8: markup changes
<
< * configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE
<
< * configure.in: use rk_TELNET, rename some other macros, and don't
< add -ldes to krb4 link command
<
< * kuser/kinit.1: whitespace fix (from NetBSD)
<
< * include/bits.c: we may need unistd.h for ssize_t
<
< 2002-08-26 Assar Westerlund <assar@kth.se>
<
< * lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA
< rrs before A ones when using the resolver to verify a mapping,
< also use getaddrinfo when resolver is not available
<
< * lib/hdb/keytab.c (find_db): const-correctness in parameters to
< krb5_config_get_next
<
< * lib/asn1/gen.c: include <string.h> in the generated files (for
< memset)
<
< 2002-08-22 Assar Westerlund <assar@kth.se>
<
< * lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use
< getarg so that it can handle --help and --version (and thus make
< check can pass)
<
< * lib/asn1/check-der.c: make this build again
<
< 2002-08-22 Assar Westerlund <assar@kth.se>
<
< * lib/asn1/der_get.c (der_get_int): handle len == 0. based on a
< patch from Love <lha@stacken.kth.se>
<
< 2002-08-22 Johan Danielsson <joda@pdc.kth.se>
<
< * lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP
< KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter
---
> * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type
247,251c285
< * kdc/kdc.8: add blurb about adding and removing addresses; update
< kdc.conf section to match reality
<
< * configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so
< don't define it
---
> * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab
253c287
< 2002-08-21 Assar Westerlund <assar@kth.se>
---
> * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix
255,261c289,290
< * lib/asn1/asn1_print.c: print OIDs too, based on a patch from
< Love <lha@stacken.kth.se>
<
< 2002-08-21 Johan Danielsson <joda@pdc.kth.se>
<
< * kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2
< since it might not exist, and we don't actually care about the key
---
> * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
> types, add krb5_fcc_ops and krb5_mcc_ops
263c292,293
< 2002-08-20 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
> a id
265,266c295
< * lib/krb5/krb5.conf.5: correct documentation for
< verify_ap_req_nofail
---
> 2003-03-15 Love H�rnquist �strand <lha@it.su.se>
268,269c297,298
< * lib/krb5/log.c: rename syslog_data to avoid name conflicts (from
< Mattias Amnefelt)
---
> * doc/intro.texi: add reference to source code, binaries and the
> manual
271,272c300,302
< * kuser/klist.c (display_tokens): increase token buffer size, and
< add more checks of the kernel data (from Love)
---
> * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal
>
> 2003-03-14 Love H�rnquist �strand <lha@it.su.se>
274c304
< 2002-08-19 Johan Danielsson <joda@pdc.kth.se>
---
> * kdc/kdc.8: better/difrent english
276c306,308
< * fix-export: use make to parse Makefile.am instead of perl
---
> * kdc/kdc.8: . -> .\n, copyright/license
>
> * kdc/kdc.8: changed configuration file -> restart kdc
278,279c310,311
< * configure.in: use argument-less AM_INIT_AUTOMAKE, now that it
< groks AC_INIT with package name etc.
---
> * kdc/kerberos4.c: add krb4 into the most error messages written
> to the logfile
281c313,314
< * kpasswd/kpasswdd.c: include <kadm5/private.h>
---
> * lib/krb5/krb5_ccache.3: add missing name of argument
> (krb5_context) to most functions
283c316
< * lib/asn1/asn1_print.c: include com_right.h
---
> 2003-03-13 Love H�rnquist �strand <lha@it.su.se>
285c318,320
< * lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t
---
> * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of
> function and return FALSE when there isn't a local account for
> `luser'.
287,288c322,323
< * include/bits.c: define krb5_socklen_t type; this should really
< go someplace else, but this was easy
---
> * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
> describing the function
290,291c325
< * lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file
< fails, just warn about it
---
> 2003-03-12 Love H�rnquist �strand <lha@it.su.se>
293c327,328
< * kdc/log.c (kdc_openlog): no need for a config_file parameter
---
> * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
> returned memory, don't return ENOMEM
295c330
< * kdc/config.c: just treat kdc.conf like any other config file
---
> 2003-03-11 Love H�rnquist �strand <lha@it.su.se>
297,298c332,339
< * lib/krb5/context.c (krb5_get_default_config_files): ignore
< duplicate files
---
> * lib/krb5/krb5.3: add krb5_address stuff and sort
>
> * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description
>
> * lib/krb5/Makefile.am (man_MANS): += krb5_address.3
>
> * lib/krb5/krb5_address.3: document types krb5_address and
> krb5_addresses and their helper functions
300c341
< 2002-08-16 Johan Danielsson <joda@pdc.kth.se>
---
> 2003-03-10 Love H�rnquist �strand <lha@it.su.se>
302,303c343
< * lib/krb5/krb5.h: turn strings into pointers, so we can assign to
< them
---
> * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3
305,306c345
< * lib/krb5/constants.c: turn strings into pointers, so we can
< assign to them
---
> * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se
308,309c347
< * lib/krb5/get_addrs.c (get_addrs_int): initialise res if
< SCAN_INTERFACES is not set
---
> * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3
311c349,354
< * lib/krb5/context.c: fix various borked stuff in previous commits
---
> * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se
>
> * lib/krb5/krb5.3: add more functions
>
> * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc
> functions
313c356,359
< 2002-08-16 Jacques Vidrine <n@nectar.com>
---
> * lib/krb5/krb5_kuserok.3: document krb5_kuserok
>
> * lib/krb5/krb5_verify_user.3: document
> krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior
315,317c361,362
< * lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using
< the `admin_server' entry for kpasswd, override the `proto' result
< to be UDP.
---
> * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and
> krb5_verify_user_opt
319c364
< 2002-08-15 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/*.[0-9]: add copyright/licenses on more manpages
321,322c366,367
< * lib/krb5/auth_context.c: check return value of
< krb5_sockaddr2address
---
> * kuser/kdestroy.c (main): handle that krb5_cc_default_name can
> return NULL
324,325c369,370
< * lib/krb5/addr_families.c: check return value of
< krb5_sockaddr2address
---
> * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor
> (TESTS): add test_cc
327c372,377
< * lib/krb5/context.c: get the default keytab from KRB5_KTNAME
---
> * lib/krb5/test_cc.c: test some
> krb5_cc_default_name/krb5_cc_set_default_name combinations
>
> * lib/krb5/context.c (init_context_from_config_file): set
> default_cc_name to NULL
> (krb5_free_context): free default_cc_name if set
329c379,380
< 2002-08-14 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/cache.c (krb5_cc_set_default_name): new function
> (krb5_cc_default_name): use krb5_cc_set_default_name
331c382,384
< * lib/krb5/verify_krb5_conf.c: allow parsing of more than one file
---
> * lib/krb5/krb5.h (krb5_context_data): add default_cc_name
>
> 2003-02-25 Love H�rnquist �strand <lha@it.su.se>
333,336c386,388
< * lib/krb5/context.c: allow changing config files with the
< function krb5_set_config_files, there are also related functions
< krb5_get_default_config_files and krb5_free_config_files; these
< should work similar to their MIT counterparts
---
> * appl/kf/kf.1: s/securly/securely/ from NetBSD
>
> 2003-02-18 Love H�rnquist �strand <lha@it.su.se>
338,339c390,391
< * lib/krb5/config_file.c: allow the use of more than one config
< file by using the new function krb5_config_parse_file_multi
---
> * kdc/connect.c: s/intialize/initialize, from
> <jmc@prioris.mini.pw.edu.pl>
341c393
< 2002-08-12 Johan Danielsson <joda@pdc.kth.se>
---
> 2003-02-17 Love H�rnquist �strand <lha@it.su.se>
343c395,397
< * use sysconfdir instead of /etc
---
> * configure.in: add AM_MAINTAINER_MODE
>
> 2003-02-16 Love H�rnquist �strand <lha@it.su.se>
345,347c399
< * configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc
< to appease automake; force sysconfdir and localstatedir to /etc
< and /var/heimdal for now
---
> * **/*.[0-9]: add copyright/licenses on all manpages
349,350c401
< * kdc/connect.c (addr_to_string): check return value of
< sockaddr2address
---
> 2003-14-16 Jacques Vidrine <nectar@kth.se>
352c403,405
< 2002-08-09 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/get_in_tkt.c (init_as_req): Send only a single
> PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
> type specified by the KDC.
354,356c407
< * lib/krb5/rd_cred.c: if the remote address isn't an addrport,
< don't try comparing to one; this should make old clients work with
< new servers
---
> 2003-02-15 Love H�rnquist �strand <lha@it.su.se>
358c409,414
< * lib/asn1/gen_decode.c: remove unused variable
---
> * fix-export: some autoconf put their version number in
> autom4te.cache, so remove autom4te*.cache
>
> * fix-export: make sure $1 is a directory
>
> 2003-02-04 Love H�rnquist �strand <lha@it.su.se>
360c416
< 2002-07-31 Johan Danielsson <joda@pdc.kth.se>
---
> * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
362,363c418,420
< * kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick
< Brashear)
---
> * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
>
> 2003-01-31 Love H�rnquist �strand <lha@it.su.se>
365,366c422
< * lib/krb5/principal.c: actually lower case the lower case
< instance name (spotted by Derrick Brashear)
---
> * kdc/hpropd.8: s/databases/a database/ s/Not/not/
368c424,426
< 2002-07-24 Johan Danielsson <joda@pdc.kth.se>
---
> * kdc/hprop.8: add missing .
>
> 2003-01-30 Love H�rnquist �strand <lha@it.su.se>
370,371c428,431
< * fix-export: if DATEDVERSION is set, change the version to
< current date
---
> * lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
> address, write out encryption type in sentences, s/Host/host
>
> 2003-01-26 Love H�rnquist �strand <lha@it.su.se>
373,374c433,435
< * configure.in: don't use AC_PROG_RANLIB, and use magic foo to set
< LTLIBOBJS
---
> * lib/asn1/check-gen.c: add checks for Authenticator too
>
> 2003-01-25 Love H�rnquist �strand <lha@it.su.se>
376c437,438
< 2002-07-04 Johan Danielsson <joda@pdc.kth.se>
---
> * doc/setup.texi: in the hprop example, use hprop and the first
> component, not host
378,379c440,442
< * kdc/connect.c: add some cache-control-foo to the http responses
< (from Gombas Gabor)
---
> * lib/krb5/get_addrs.c (find_all_addresses): address-less
> point-to-point might not have an address, just ignore
> those. Reported by Harald Barth.
381,382c444
< * lib/krb5/addr_families.c (krb5_print_address): don't copy size
< if ret_len == NULL
---
> 2003-01-23 Love H�rnquist �strand <lha@it.su.se>
384c446,447
< 2002-06-28 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/verify_krb5_conf.c (check_section): when key isn't
> found, don't print out all known keys
386,389c449,451
< * kuser/klist.c (display_tokens): don't bail out before we get
< EDOM (signaling the end of the tokens), the kernel can also return
< ENOTCONN, meaning that the index does not exist anymore (for
< example if the token has expired)
---
> * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
> and facility start resp
> (check_log): find_value() returns -1 when key isn't found
391c453,456
< 2002-06-06 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a
> 'const void *' to avoid AES_KEY being exposed in krb5-private.h
>
> * lib/krb5/krb5.conf.5: add [kdc]use_2b
393,394c458,467
< * lib/krb5/changepw.c: make sure we return an error if there are
< no changepw hosts found; from Wynn Wilkes
---
> * kdc/524.c (encode_524_response): its 2b not b2
>
> * doc/misc.texi: quote @ where missing
>
> * lib/asn1/Makefile.am: add check-gen
>
> * lib/asn1/check-gen.c: add Principal check
>
> * lib/asn1/check-common.h: move generic asn1/der functions from
> check-der.c to here
396c469,470
< 2002-05-29 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/asn1/check-common.c: move generic asn1/der functions from
> check-der.c to here
398,399c472,473
< * lib/krb5/cache.c (krb5_cc_register): break out of loop when the
< same type is found; spotted by Wynn Wilkes
---
> * lib/asn1/check-der.c: move out the generic asn1/der functions to
> a common file
401c475
< 2002-05-15 Johan Danielsson <joda@pdc.kth.se>
---
> 2003-01-22 Love H�rnquist �strand <lha@it.su.se>
403,404c477,478
< * kdc/kerberos5.c: don't free encrypted padata until we're really
< done with it
---
> * doc/misc.texi: more text about afs, how to get get your KeyFile,
> and how to start use 2b tokens
406c480,483
< 2002-05-07 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
> <jmc@cvs.openbsd.org>
>
> 2003-01-21 Jacques Vidrine <nectar@kth.se>
408,409c485,486
< * kdc/kerberos5.c: when decrypting pa-data, try all keys matching
< enctype
---
> * kuser/kuser_locl.h: include crypto-headers.h for
> des_read_pw_string prototype
411c488
< * kuser/kinit.1: document -a
---
> 2003-01-16 Love H�rnquist �strand <lha@it.su.se>
413c490
< * kuser/kinit.c: add command line switch for extra addresses
---
> * admin/ktutil.8: document -v, --verbose
415c492,493
< 2002-04-30 Johan Danielsson <joda@blubb.pdc.kth.se>
---
> * admin/get.c (kt_get): make getarg usage consistent with other
> other parts of ktutil
417c495,498
< * configure.in: remove some duplicate tests
---
> * admin/copy.c (kt_copy): remove adding verbose_flag to args
> struct, since it will overrun the args array (from Sumit Bose)
>
> 2003-01-15 Love H�rnquist �strand <lha@it.su.se>
419c500,501
< * configure.in: use AC_HELP_STRING
---
> * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
> ... }
421c503,505
< 2002-04-29 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/aes-test.c: test vectors in aes-draft
>
> * lib/krb5/Makefile.am: add aes-test.c
423,424c507,520
< * lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is
< unknown
---
> * lib/krb5/crypto.c: Add support for AES
> (draft-raeburn-krb-rijndael-krb-02), not enabled by default.
> (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify
> to support checksumtype that are have a shorter wireformat then
> their output block size.
>
> * lib/krb5/crypto.c (struct encryption_type): split the blocksize
> into blocksize and padsize, padsize is the minimum padding
> size. they are the same for now
> (enctype_*): add padsize
> (encrypt_internal): use padsize
> (encrypt_internal_derived): use padsize
> (wrapped_length): use padsize
> (wrapped_length_dervied): use padsize
426,546c522,524
< 2002-04-25 Johan Danielsson <joda@pdc.kth.se>
<
< * configure.in: use rk_DESTDIRS
<
< 2002-04-22 Johan Danielsson <joda@pdc.kth.se>
<
< * lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies
< the principal
<
< 2002-04-19 Johan Danielsson <joda@pdc.kth.se>
<
< * lib/krb5/verify_init.c: fix typo in error string
<
< 2002-04-18 Johan Danielsson <joda@pdc.kth.se>
<
< * acconfig.h: remove some stuff that is defined elsewhere
<
< * lib/krb5/krb5_locl.h: include <sys/file.h>
<
< * lib/krb5/acl.c: rename acl_string parameter
<
< * lib/krb5/Makefile.am: remove __P from protos, and put parameter
< names in comments
<
< * kuser/klist.c: better align some headers
<
< * kdc/kerberos4.c: storage tweaks
<
< * kdc/kaserver.c: storage tweaks
<
< * kdc/524.c: storage tweaks
<
< * lib/krb5/keytab_krb4.c: storage tweaks
<
< * lib/krb5/keytab_keyfile.c: storage tweaks
<
< * lib/krb5/keytab_file.c: storage tweaks; also try to handle zero
< sized keytab files
<
< * lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END
<
< * lib/krb5/fcache.c: storage tweaks
<
< * lib/krb5/store_mem.c: make the krb5_storage opaque, and add
< function wrappers for store/fetch/seek, and also make the eof-code
< configurable
<
< * lib/krb5/store_fd.c: make the krb5_storage opaque, and add
< function wrappers for store/fetch/seek, and also make the eof-code
< configurable
<
< * lib/krb5/store_emem.c: make the krb5_storage opaque, and add
< function wrappers for store/fetch/seek, and also make the eof-code
< configurable
<
< * lib/krb5/store.c: make the krb5_storage opaque, and add function
< wrappers for store/fetch/seek, and also make the eof-code
< configurable
<
< * lib/krb5/store-int.h: make the krb5_storage opaque, and add
< function wrappers for store/fetch/seek, and also make the eof-code
< configurable
<
< * lib/krb5/krb5.h: make the krb5_storage opaque, and add function
< wrappers for store/fetch/seek, and also make the eof-code
< configurable
<
< * include/bits.c: include <sys/socket.h> to get socklen_t
<
< * kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by
< requested KDC-REQ etypes
<
< * kdc/hpropd.c: constify
<
< * kdc/hprop.c: constify
<
< * kdc/string2key.c: constify
<
< * kdc/kdc_locl.h: make port_str const
<
< * kdc/config.c: constify
<
< * lib/krb5/config_file.c: constify
<
< * kdc/kstash.c: constify
<
< * lib/krb5/verify_user.c: remove unnecessary cast
<
< * lib/krb5/recvauth.c: constify
<
< * lib/krb5/principal.c (krb5_parse_name): const qualify
<
< * lib/krb5/mcache.c (mcc_get_name): constify return type
<
< * lib/krb5/context.c (krb5_free_context): don't try to free the
< ccache prefix
<
< * lib/krb5/cache.c (krb5_cc_register): don't make a copy of the
< prefix
<
< * lib/krb5/krb5.h: constify some struct members
<
< * lib/krb5/log.c: constify
<
< * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const
< qualify
<
< * lib/krb5/get_in_tkt.c (krb5_init_etype): constify
<
< * lib/krb5/crypto.c: constify some
<
< * lib/krb5/config_file.c: constify
<
< * lib/krb5/aname_to_localname.c (krb5_aname_to_localname):
< constify local variable
<
< * lib/krb5/addr_families.c (ipv4_sockaddr2port): constify
<
< 2002-04-17 Johan Danielsson <joda@pdc.kth.se>
<
< * lib/krb5/verify_krb5_conf.c: add some log checking
---
> * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key
> function for each enctype in preparation enctypes that uses
> `Encryption and Checksum Specifications for Kerberos 5' draft
548c526,527
< * lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing
---
> * lib/asn1/k5.asn1: add checksum and enctype for AES from
> draft-raeburn-krb-rijndael-krb-02.txt
550c529,530
< 2002-04-16 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
> KEYTYPE_AES256
552,553c532
< * lib/krb5/crypto.c (krb5_crypto_init): check that the key size
< matches the expected length
---
> 2003-01-14 Love H�rnquist �strand <lha@it.su.se>
555c534,535
< 2002-03-27 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/hdb/common.c (_hdb_fetch): handle error code from
> hdb_value2entry
557c537,538
< * lib/krb5/send_to_kdc.c: rename send parameter to send_data
---
> * kdc/Makefile.am: always include kerberos4.c and 524.c in
> kdc_SOURCES to support 524
559,575c540
< * lib/krb5/mk_error.c: rename ctime parameter to client_time
<
< 2002-03-22 Johan Danielsson <joda@pdc.kth.se>
<
< * kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from
< Reinoud Zandijk)
<
< 2002-03-18 Johan Danielsson <joda@pdc.kth.se>
<
< * lib/asn1/k5.asn1: add the GSS-API checksum type here
<
< 2002-03-11 Assar Westerlund <assar@sics.se>
<
< * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
< 18:3:1
< * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0
< * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0
---
> * kdc/524.c: always compile in support for 524
577c542,553
< 2002-03-10 Assar Westerlund <assar@sics.se>
---
> * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4
>
> * kdc/config.c: always compile in support for 524
>
> * kdc/connect.c: always compile in support for 524
>
> * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key()
> even when we build without kerberos 4, 524 needs them
>
> * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out
> Kerberos 4 help functions/structures so other parts of the source
> tree can use it (like the KDC)
579,671d554
< * lib/krb5/rd_cred.c: handle addresses with port numbers
<
< * lib/krb5/keytab_file.c, lib/krb5/keytab.c:
< store the kvno % 256 as the byte and the complete 32 bit kvno after
< the end of the current keytab entry
<
< * lib/krb5/init_creds_pw.c:
< handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way
<
< * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
< handle ports giving for the remote address
<
< * lib/krb5/get_cred.c:
< get a ticket with no addresses if no-addresses is set
<
< * lib/krb5/crypto.c:
< rename functions DES_* to krb5_* to avoid colliding with modern
< openssl
<
< * lib/krb5/addr_families.c:
< make all functions taking 'struct sockaddr' actually take a socklen_t
< instead of int and that acts as an in-out parameter (indicating the
< maximum length of the sockaddr to be written)
<
< * kdc/kerberos4.c:
< make the kvno's in the krb4 universe by the real one % 256, since they
< cannot only be 8 bit, and the v5 ones are actually 32 bits
<
< 2002-02-15 Johan Danielsson <joda@pdc.kth.se>
<
< * lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file
< before we need to write to it
< (from �ke Sandgren)
<
< 2002-02-14 Johan Danielsson <joda@pdc.kth.se>
<
< * configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via
< rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES
< directly
<
< * lib/krb5/rd_safe.c: actually use the correct key (from Daniel
< Kouril)
<
< 2002-02-12 Johan Danielsson <joda@pdc.kth.se>
<
< * lib/krb5/context.c (krb5_get_err_text): protect against NULL
< context
<
< 2002-02-11 Johan Danielsson <joda@pdc.kth.se>
<
< * admin/ktutil.c: no need to use the "modify" keytab anymore
<
< * lib/krb5/keytab_any.c: implement add and remove
<
< * lib/krb5/keytab_krb4.c: implement add and remove
<
< * lib/krb5/store_emem.c (emem_free): clear memory before freeing
< (this should perhaps be selectable with a flag)
<
< 2002-02-04 Johan Danielsson <joda@pdc.kth.se>
<
< * kdc/config.c (get_dbinfo): if there are database specifications
< in the config file, don't automatically try to use the default
< values (from Gombas Gabor)
<
< * lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer
< (from Gombas Gabor)
<
< 2002-01-30 Johan Danielsson <joda@pdc.kth.se>
<
< * admin/list.c: get the default keytab from krb5.conf, and list
< all parts of an ANY type keytab
<
< * lib/krb5/context.c: default default_keytab_modify to NULL
<
< * lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify
< name is specified take it from the first component of the default
< keytab name
<
< 2002-01-29 Johan Danielsson <joda@pdc.kth.se>
<
< * lib/krb5/keytab.c: compare keytab types case insensitively
<
< 2002-01-07 Assar Westerlund <assar@sics.se>
<
< * lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's
< not really a krb5_key_usage). From Ben Harris <bjh21@netbsd.org>
< * lib/krb5/get_in_tkt.c: use krb5_enctype consistently. From Ben
< Harris <bjh21@netbsd.org>
< * lib/krb5/crypto.c: use krb5_enctype consistently. From Ben
< Harris <bjh21@netbsd.org>
< * kdc/kerberos5.c: use krb5_enctype consistently. From Ben Harris
< <bjh21@netbsd.org>
< 2002-10-21 Johan Danielsson <joda@pdc.kth.se>
---
> 2003-05-08 Johan Danielsson <joda@ratatosk.pdc.kth.se>
3c3
< * lib/krb5/store_emem.c: pull up 1.13; limit how much we allocate
---
> * Release 0.6
5,6c5
< * lib/krb5/principal.c: pull up 1.82; don't allow trailing
< backslashes in components
---
> 2003-05-08 Love H�rnquist �strand <lha@it.su.se>
8c7,8
< * lib/krb5/keytab_keyfile.c: pull up 1.15; more strcspn
---
> * kuser/klist.c: 1.68->1.69: print tokens even if there isn't v4
> support
10,11c10,11
< * lib/krb5/keytab_any.c: pull up 1.7; properly close the open
< keytabs
---
> * kuser/kdestroy.c: 1.14->1.15: destroy tokens even if there isn't
> v4 support
13,14c13,14
< * kdc/connect.c: pull up 1.87; check that %-quotes are followed by
< two hex digits
---
> * kuser/kinit.c: 1.90->1.91: print tokens even if there isn't v4
> support
16,17c16
< * lib/krb5/prompter_posix.c: pull up 1.7; use strcspn to convert
< the newline to NUL in fgets results.
---
> 2003-05-06 Johan Danielsson <joda@pdc.kth.se>
19,20c18,19
< * lib/krb5/kuserok.c: pull up 1.6; use strcspn to convert the
< newline to NUL in fgets results.
---
> * lib/krb5/name-45-test.c: need to use empty krb5.conf for some
> tests
22,23c21,23
< * lib/krb5/keytab_file.c: pull up 1.12; check return value from
< start_seq_get
---
> * lib/asn1/check-gen.c: there is no \e escape sequence; replace
> everything with hex-codes, and cast to unsigned char* to make some
> compilers happy
25,26c25
< * lib/krb5/context.c: pull up 1.82; return ENXIO instead of ENOENT
< when "unconfigured"
---
> 2003-05-06 Love H�rnquist �strand <lha@it.su.se>
28,29c27,30
< * lib/krb5/changepw.c: pull up 1.38; fix reply length check
< calculation
---
> * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
> argument to krb5_us_timeofday have correct type
>
> 2003-05-05 Assar Westerlund <assar@kth.se>
31c32
< * kuser/klist.c: pull up 1.68; allow tokens up to size of buffer
---
> * include/make_crypto.c (main): include aes.h if ENABLE_AES
33c34
< * kdc/kaserver.c: pull up 1.21; make sure life is positive
---
> 2003-05-05 Love H�rnquist �strand <lha@it.su.se>
35c36,38
< * fix-export: pull up 1.28; remove autom4ate.cache
---
> * NEWS: 1.108->1.110: fix text about gssapi compat
>
> 2003-04-28 Love H�rnquist �strand <lha@it.su.se>
37c40,41
< 2002-09-10 Johan Danielsson <joda@pdc.kth.se>
---
> * kdc/v4_dump.c: 1.4->1.5: (v4_prop_dump): limit strings length,
> from openbsd
39c43
< * Release 0.5
---
> 2003-04-24 Love H�rnquist �strand <lha@it.su.se>
41c45,46
< * include/make_crypto.c: don't use function macros if possible
---
> * doc/programming.texi: 1.2-1.3: s/managment/management/, from jmc
> <jmc@prioris.mini.pw.edu.pl>
43c48
< * lib/krb5/krb5_locl.h: get limits.h for UINT_MAX
---
> 2003-04-22 Love H�rnquist �strand <lha@it.su.se>
45c50,51
< * include/Makefile.am: use make_crypto to create crypto-headers.h
---
> * lib/krb5/krbhst.c: 1.43->1.44: copy NUL too, from janj@wenf.org
> via openbsd
47c53
< * include/make_crypto.c: crypto header generation tool
---
> 2003-04-17 Love H�rnquist �strand <lha@it.su.se>
49,51c55,65
< * configure.in: move crypto test to just after testing for krb4,
< and move roken tests to after both, this speeds up various failure
< cases with krb4
---
> * lib/asn1/der_copy.c (copy_general_string): use strdup
> * lib/asn1/der_put.c: remove sprintf
> * lib/asn1/gen.c: remove strcpy/sprintf
>
> * lib/krb5/name-45-test.c: use a more unique name then ratatosk so
> that other (me) have such hosts in the local domain and the tests
> fails, to take hokkigai.pdc.kth.se instead
>
> * lib/krb5/test_alname.c: add --version and --help
>
> 2003-04-16 Love H�rnquist �strand <lha@it.su.se>
53c67,76
< * lib/krb5/config_file.c: don't use NULL when we mean 0
---
> * lib/krb5/krb5_warn.3: add krb5_get_err_text
>
> * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
> * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
> * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
> strlcpy, from openbsd
> * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
> * appl/kf/kfd.c: use strlcpy, from openbsd
>
> 2003-04-16 Johan Danielsson <joda@pdc.kth.se>
55,56c78,80
< * configure.in: we don't set package_libdir anymore, so no point
< in testing for it
---
> * configure.in: fix for large file support in AIX, _LARGE_FILES
> needs to be defined on the command line, since lex likes to
> include stdio.h before we get to config.h
58c82,88
< * tools/Makefile.am: subst INCLUDE_des
---
> 2003-04-16 Love H�rnquist �strand <lha@it.su.se>
>
> * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
> from Thomas Klausner <wiz@netbsd.org>
>
> * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
> <wiz@netbsd.org>
60c90
< * tools/krb5-config.in: add INCLUDE_des to cflags
---
> 2003-04-15 Love H�rnquist �strand <lha@it.su.se>
62c92,94
< * configure.in: use AC_CONFIG_SRCDIR
---
> * kdc/kerberos5.c: fix some more memory leaks
>
> 2003-04-11 Love H�rnquist �strand <lha@it.su.se>
64c96,98
< * fix-export: remove some unneeded stuff
---
> * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
>
> 2003-04-08 Love H�rnquist �strand <lha@it.su.se>
66c100,102
< * kuser/kinit.c (do_524init): free principals
---
> * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl>
>
> 2003-04-06 Love H�rnquist �strand <lha@it.su.se>
68c104,112
< 2002-09-09 Jacques Vidrine <nectar@kth.se>
---
> * lib/krb5/krb5.3: s/kerberos/Kerberos/
> * lib/krb5/krb5_data.3: s/kerberos/Kerberos/
> * lib/krb5/krb5_address.3: s/kerberos/Kerberos/
> * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
> * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
> * kuser/kinit.1: s/kerberos/Kerberos/
> * kdc/kdc.8: s/kerberos/Kerberos/
>
> 2003-04-01 Love H�rnquist �strand <lha@it.su.se>
70,76c114,118
< * kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
< kdc/kaserver.c (krb5_ret_xdr_data),
< lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
< counts: Check that they are non-negative, and that they are small
< enough to avoid integer overflow when used in memory allocation
< calculations. Potential problem areas pointed out by
< Sebastian Krahmer <krahmer@suse.de>.
---
> * lib/krb5/test_alname.c: more krb5_aname_to_localname tests
>
> * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
> converting too root, make sure user is ok according to
> krb5_kuserok before allowing it.
78,79c120,127
< * lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
< creating a new keyfile.
---
> * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname
>
> * lib/krb5/test_alname.c: add test for krb5_aname_to_localname
>
> * lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1
> instead of the "illegal" salt #~, same change as kth-krb did
> 1999. Problems occur with crypt() that behaves like AT&T crypt
> (openssl does this). Pointed out by Marcus Watts.
81c129,134
< 2002-09-09 Johan Danielsson <joda@pdc.kth.se>
---
> * admin/change.c (kt_change): collect all principals we are going
> to change, and pick the highest kvno and use that to guess what
> kvno the resulting kvno is going to be. Now two ktutil change in a
> row works. XXX fix the protocol to pass the kvno back.
>
> 2003-03-31 Love H�rnquist �strand <lha@it.su.se>
83c136,138
< * configure.in: don't try to build pam module
---
> * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl>
>
> 2003-03-30 Love H�rnquist �strand <lha@it.su.se>
85c140,141
< 2002-09-05 Johan Danielsson <joda@pdc.kth.se>
---
> * doc/setup.texi: add description on how to turn on v4, 524 and
> kaserver support
87c143
< * appl/kf/kf.c: fix warning string
---
> 2003-03-29 Love H�rnquist �strand <lha@it.su.se>
89,90c145,146
< * lib/krb5/log.c (krb5_vlog_msg): delay message formating till we
< know we need it
---
> * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
> and afs-use-524
92c148
< 2002-09-04 Assar Westerlund <assar@kth.se>
---
> 2003-03-28 Love H�rnquist �strand <lha@it.su.se>
94c150,151
< * kdc/kerberos5.c (encode_reply): correct error logging
---
> * kdc/kerberos5.c (as_rep): when the second enctype_to_string
> failes, remember to free memory from the first enctype_to_string
96c153,155
< 2002-09-04 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
> from Harald Joerg <harald.joerg@fujitsu-siemens.com>
> (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc
98c157,160
< * lib/krb5/sendauth.c: close ccache if we opened it
---
> * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
> length when key is longer then expected length, its probably
> longer since the encrypted data was padded, reported by Aidan
> Cully <aidan@kublai.com>
100c162,165
< * appl/kf/kf.c: handle new protocol
---
> * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
> encyption type, inspired by Aidan Cully <aidan@kublai.com>
>
> 2003-03-27 Love H�rnquist �strand <lha@it.su.se>
102,104c167,171
< * appl/kf/kfd.c: use krb5_err instead of sysloging directly,
< handle the new protocol, and bail out if an old client tries to
< connect
---
> * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
> (wildcard kvno) after principal when the keytab entry isn't found,
> reported by Chris Chiappa <chris@chiappa.net>
>
> 2003-03-26 Love H�rnquist �strand <lha@it.su.se>
106c173,174
< * appl/kf/kf_locl.h: we need a protocol version string
---
> * doc/misc.texi: update 2b example to match reality (from
> mattiasa@e.kth.se)
108c176,177
< * lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE
---
> * doc/misc.texi: spelling and add `Configuring AFS clients'
> subsection
110c179
< * kdc/kerberos5.c: use ASN1_MALLOC_ENCODE
---
> 2003-03-25 Love H�rnquist �strand <lha@it.su.se>
112c181,184
< * kdc/hprop.c: set AP_OPTS_USE_SUBKEY
---
> * lib/krb5/krb5.3: add krb5_free_data_contents.3
>
> * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
> API
114,121c186,187
< * lib/hdb/common.c: use ASN1_MALLOC_ENCODE
<
< * lib/asn1/gen.c: add convenience macro that allocates a buffer
< and encoded into that
<
< * lib/krb5/get_cred.c (init_tgs_req): use
< in_creds->session.keytype literally instead of trying to convert
< to a list of enctypes (it should already be an enctype)
---
> * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
> with MIT API
123c189,192
< * lib/krb5/get_cred.c (init_tgs_req): init ret
---
> * lib/krb5/krb5_verify_user.3: write more about how the ccache
> argument should be inited when used
>
> 2003-03-25 Johan Danielsson <joda@pdc.kth.se>
125c194,196
< 2002-09-03 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/addr_families.c (krb5_print_address): make sure
> print_addr is defined for the given address type; make addrports
> printable
127c198
< * lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC
---
> * kdc/string2key.c: print the used enctype for kerberos 5 keys
129c200
< * lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC
---
> 2003-03-25 Love H�rnquist �strand <lha@it.su.se>
131,132c202,204
< * lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
< zero ivec in DES3_CBC_encrypt if passed ivec is NULL
---
> * lib/krb5/aes-test.c: add another arcfour test
>
> 2003-03-22 Love H�rnquist �strand <lha@it.su.se>
134,135c206,210
< * lib/krb5/Makefile.am: back out 1.144, since it will re-create
< krb5-protos.h at build-time, which requires perl, which is bad
---
> * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5
>
> 2003-03-20 Love H�rnquist �strand <lha@it.su.se>
>
> * lib/krb5/krb5_ccache.3: update .Dd
137,138c212
< * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
< blindly use the local subkey
---
> * lib/krb5/krb5.3: sort in krb5_data functions
140,141c214
< * lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
< extracts the required blocksize from a crypto context
---
> * lib/krb5/Makefile.am (man_MANS): += krb5_data.3
143,144c216
< * lib/krb5/build_auth.c: just get the length of the encoded
< authenticator instead of trying to grow a buffer
---
> * lib/krb5/krb5_data.3: document krb5_data
146c218,221
< 2002-09-03 Assar Westerlund <assar@kth.se>
---
> * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
> prompter is NULL, don't try to ask for a password to
> change. reported by Iain Moffat @ ufl.edu via Howard Chu
> <hyc@highlandsun.com>
148,149c223
< * configure.in: add --disable-mmap option, and tests for
< sys/mman.h and mmap
---
> 2003-03-19 Love H�rnquist �strand <lha@it.su.se>
151c225,226
< 2002-09-03 Jacques Vidrine <nectar@kth.se>
---
> * lib/krb5/krb5_keytab.3: spelling, from
> <jmc@prioris.mini.pw.edu.pl>
153c228,231
< * lib/krb5/changepw.c: verify lengths in response
---
> * lib/krb5/krb5.conf.5: . means new line
>
> * lib/krb5/krb5.conf.5: spelling, from
> <jmc@prioris.mini.pw.edu.pl>
155,156c233,234
< * lib/asn1/der_get.c (decode_integer, decode_unsigned): check for
< truncated integers
---
> * lib/krb5/krb5_auth_context.3: spelling, from
> <jmc@prioris.mini.pw.edu.pl>
158c236
< 2002-09-02 Johan Danielsson <joda@pdc.kth.se>
---
> 2003-03-18 Love H�rnquist �strand <lha@it.su.se>
160,161c238,242
< * lib/krb5/mk_req_ext.c: generate a local subkey if
< AP_OPTS_USE_SUBKEY is set
---
> * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5
>
> * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time
>
> * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time
163,164c244,250
< * lib/krb5/build_auth.c: we don't have enough information about
< whether to generate a local subkey here, so don't try to
---
> * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out
> #ifdef KRB4 from enable_v4_cross_realm since 524 needs it
>
> * kdc/config.c: 524 is independent of kerberos 4, so move out
> enable_v4_cross_realm from #ifdef KRB4 since 524 needs it
>
> 2003-03-17 Assar Westerlund <assar@kth.se>
166,167c252,258
< * lib/krb5/auth_context.c: new function
< krb5_auth_con_generatelocalsubkey
---
> * kdc/kdc.8: document --kerberos4-cross-realm
> * kdc/kerberos4.c: pay attention to enable_v4_cross_realm
> * kdc/kdc_locl.h (enable_v4_cross_realm): add
> * kdc/524.c (encode_524_response): check the enable_v4_cross_realm
> flag before giving out v4 tickets for foreign v5 principals
> * kdc/config.c: add --enable-kerberos4-cross-realm option (default
> to off)
169,170c260
< * lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an
< initial ticket
---
> 2003-03-17 Love H�rnquist �strand <lha@it.su.se>
172,173c262,265
< * lib/krb5/context.c (init_context_from_config_file): simplify
< initialisation of srv_lookup
---
> * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3
>
> * lib/krb5/krb5_aname_to_localname.3: manpage for
> krb5_aname_to_localname
175c267,269
< * lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY
---
> * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/
>
> 2003-03-16 Love H�rnquist �strand <lha@it.su.se>
177c271
< * lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY
---
> * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3
179c273
< 2002-08-30 Assar Westerlund <assar@kth.se>
---
> * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3
181,184c275,278
< * lib/krb5/name-45-test.c: also test krb5_524_conv_principal
< * lib/krb5/Makefile.am (TESTS): add name-45-test
< * lib/krb5/name-45-test.c: add testcases for
< krb5_425_conv_principal
---
> * lib/krb5/krb5_set_default_realm.3: Manpage for
> krb5_free_host_realm, krb5_get_default_realm,
> krb5_get_default_realms, krb5_get_host_realm, and
> krb5_set_default_realm.
186c280,281
< 2002-08-29 Assar Westerlund <assar@kth.se>
---
> * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado
> <sobrado@acm.org> via NetBSD
188,245c283
< * lib/krb5/parse-name-test.c: also test unparse_short functions
< * lib/asn1/asn1_print.c: use com_err/error_message API
< * lib/krb5/Makefile.am: add parse-name-test
< * lib/krb5/parse-name-test.c: add a program for testing parsing
< and unparsing principal names
<
< 2002-08-28 Assar Westerlund <assar@kth.se>
<
< * kdc/config.c: add missing ifdef DAEMON
<
< 2002-08-28 Johan Danielsson <joda@pdc.kth.se>
<
< * configure.in: use rk_SUNOS
<
< * kdc/config.c: add detach options
<
< * kdc/main.c: maybe detach from console?
<
< * kdc/kdc.8: markup changes
<
< * configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE
<
< * configure.in: use rk_TELNET, rename some other macros, and don't
< add -ldes to krb4 link command
<
< * kuser/kinit.1: whitespace fix (from NetBSD)
<
< * include/bits.c: we may need unistd.h for ssize_t
<
< 2002-08-26 Assar Westerlund <assar@kth.se>
<
< * lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA
< rrs before A ones when using the resolver to verify a mapping,
< also use getaddrinfo when resolver is not available
<
< * lib/hdb/keytab.c (find_db): const-correctness in parameters to
< krb5_config_get_next
<
< * lib/asn1/gen.c: include <string.h> in the generated files (for
< memset)
<
< 2002-08-22 Assar Westerlund <assar@kth.se>
<
< * lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use
< getarg so that it can handle --help and --version (and thus make
< check can pass)
<
< * lib/asn1/check-der.c: make this build again
<
< 2002-08-22 Assar Westerlund <assar@kth.se>
<
< * lib/asn1/der_get.c (der_get_int): handle len == 0. based on a
< patch from Love <lha@stacken.kth.se>
<
< 2002-08-22 Johan Danielsson <joda@pdc.kth.se>
<
< * lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP
< KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter
---
> * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type
247,251c285
< * kdc/kdc.8: add blurb about adding and removing addresses; update
< kdc.conf section to match reality
<
< * configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so
< don't define it
---
> * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab
253c287
< 2002-08-21 Assar Westerlund <assar@kth.se>
---
> * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix
255,261c289,290
< * lib/asn1/asn1_print.c: print OIDs too, based on a patch from
< Love <lha@stacken.kth.se>
<
< 2002-08-21 Johan Danielsson <joda@pdc.kth.se>
<
< * kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2
< since it might not exist, and we don't actually care about the key
---
> * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
> types, add krb5_fcc_ops and krb5_mcc_ops
263c292,293
< 2002-08-20 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
> a id
265,266c295
< * lib/krb5/krb5.conf.5: correct documentation for
< verify_ap_req_nofail
---
> 2003-03-15 Love H�rnquist �strand <lha@it.su.se>
268,269c297,298
< * lib/krb5/log.c: rename syslog_data to avoid name conflicts (from
< Mattias Amnefelt)
---
> * doc/intro.texi: add reference to source code, binaries and the
> manual
271,272c300,302
< * kuser/klist.c (display_tokens): increase token buffer size, and
< add more checks of the kernel data (from Love)
---
> * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal
>
> 2003-03-14 Love H�rnquist �strand <lha@it.su.se>
274c304
< 2002-08-19 Johan Danielsson <joda@pdc.kth.se>
---
> * kdc/kdc.8: better/difrent english
276c306,308
< * fix-export: use make to parse Makefile.am instead of perl
---
> * kdc/kdc.8: . -> .\n, copyright/license
>
> * kdc/kdc.8: changed configuration file -> restart kdc
278,279c310,311
< * configure.in: use argument-less AM_INIT_AUTOMAKE, now that it
< groks AC_INIT with package name etc.
---
> * kdc/kerberos4.c: add krb4 into the most error messages written
> to the logfile
281c313,314
< * kpasswd/kpasswdd.c: include <kadm5/private.h>
---
> * lib/krb5/krb5_ccache.3: add missing name of argument
> (krb5_context) to most functions
283c316
< * lib/asn1/asn1_print.c: include com_right.h
---
> 2003-03-13 Love H�rnquist �strand <lha@it.su.se>
285c318,320
< * lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t
---
> * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of
> function and return FALSE when there isn't a local account for
> `luser'.
287,288c322,323
< * include/bits.c: define krb5_socklen_t type; this should really
< go someplace else, but this was easy
---
> * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
> describing the function
290,291c325
< * lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file
< fails, just warn about it
---
> 2003-03-12 Love H�rnquist �strand <lha@it.su.se>
293c327,328
< * kdc/log.c (kdc_openlog): no need for a config_file parameter
---
> * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
> returned memory, don't return ENOMEM
295c330
< * kdc/config.c: just treat kdc.conf like any other config file
---
> 2003-03-11 Love H�rnquist �strand <lha@it.su.se>
297,298c332,339
< * lib/krb5/context.c (krb5_get_default_config_files): ignore
< duplicate files
---
> * lib/krb5/krb5.3: add krb5_address stuff and sort
>
> * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description
>
> * lib/krb5/Makefile.am (man_MANS): += krb5_address.3
>
> * lib/krb5/krb5_address.3: document types krb5_address and
> krb5_addresses and their helper functions
300c341
< 2002-08-16 Johan Danielsson <joda@pdc.kth.se>
---
> 2003-03-10 Love H�rnquist �strand <lha@it.su.se>
302,303c343
< * lib/krb5/krb5.h: turn strings into pointers, so we can assign to
< them
---
> * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3
305,306c345
< * lib/krb5/constants.c: turn strings into pointers, so we can
< assign to them
---
> * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se
308,309c347
< * lib/krb5/get_addrs.c (get_addrs_int): initialise res if
< SCAN_INTERFACES is not set
---
> * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3
311c349,354
< * lib/krb5/context.c: fix various borked stuff in previous commits
---
> * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se
>
> * lib/krb5/krb5.3: add more functions
>
> * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc
> functions
313c356,359
< 2002-08-16 Jacques Vidrine <n@nectar.com>
---
> * lib/krb5/krb5_kuserok.3: document krb5_kuserok
>
> * lib/krb5/krb5_verify_user.3: document
> krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior
315,317c361,362
< * lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using
< the `admin_server' entry for kpasswd, override the `proto' result
< to be UDP.
---
> * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and
> krb5_verify_user_opt
319c364
< 2002-08-15 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/*.[0-9]: add copyright/licenses on more manpages
321,322c366,367
< * lib/krb5/auth_context.c: check return value of
< krb5_sockaddr2address
---
> * kuser/kdestroy.c (main): handle that krb5_cc_default_name can
> return NULL
324,325c369,370
< * lib/krb5/addr_families.c: check return value of
< krb5_sockaddr2address
---
> * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor
> (TESTS): add test_cc
327c372,377
< * lib/krb5/context.c: get the default keytab from KRB5_KTNAME
---
> * lib/krb5/test_cc.c: test some
> krb5_cc_default_name/krb5_cc_set_default_name combinations
>
> * lib/krb5/context.c (init_context_from_config_file): set
> default_cc_name to NULL
> (krb5_free_context): free default_cc_name if set
329c379,380
< 2002-08-14 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/cache.c (krb5_cc_set_default_name): new function
> (krb5_cc_default_name): use krb5_cc_set_default_name
331c382,384
< * lib/krb5/verify_krb5_conf.c: allow parsing of more than one file
---
> * lib/krb5/krb5.h (krb5_context_data): add default_cc_name
>
> 2003-02-25 Love H�rnquist �strand <lha@it.su.se>
333,336c386,388
< * lib/krb5/context.c: allow changing config files with the
< function krb5_set_config_files, there are also related functions
< krb5_get_default_config_files and krb5_free_config_files; these
< should work similar to their MIT counterparts
---
> * appl/kf/kf.1: s/securly/securely/ from NetBSD
>
> 2003-02-18 Love H�rnquist �strand <lha@it.su.se>
338,339c390,391
< * lib/krb5/config_file.c: allow the use of more than one config
< file by using the new function krb5_config_parse_file_multi
---
> * kdc/connect.c: s/intialize/initialize, from
> <jmc@prioris.mini.pw.edu.pl>
341c393
< 2002-08-12 Johan Danielsson <joda@pdc.kth.se>
---
> 2003-02-17 Love H�rnquist �strand <lha@it.su.se>
343c395,397
< * use sysconfdir instead of /etc
---
> * configure.in: add AM_MAINTAINER_MODE
>
> 2003-02-16 Love H�rnquist �strand <lha@it.su.se>
345,347c399
< * configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc
< to appease automake; force sysconfdir and localstatedir to /etc
< and /var/heimdal for now
---
> * **/*.[0-9]: add copyright/licenses on all manpages
349,350c401
< * kdc/connect.c (addr_to_string): check return value of
< sockaddr2address
---
> 2003-14-16 Jacques Vidrine <nectar@kth.se>
352c403,405
< 2002-08-09 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/get_in_tkt.c (init_as_req): Send only a single
> PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
> type specified by the KDC.
354,356c407
< * lib/krb5/rd_cred.c: if the remote address isn't an addrport,
< don't try comparing to one; this should make old clients work with
< new servers
---
> 2003-02-15 Love H�rnquist �strand <lha@it.su.se>
358c409,414
< * lib/asn1/gen_decode.c: remove unused variable
---
> * fix-export: some autoconf put their version number in
> autom4te.cache, so remove autom4te*.cache
>
> * fix-export: make sure $1 is a directory
>
> 2003-02-04 Love H�rnquist �strand <lha@it.su.se>
360c416
< 2002-07-31 Johan Danielsson <joda@pdc.kth.se>
---
> * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
362,363c418,420
< * kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick
< Brashear)
---
> * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
>
> 2003-01-31 Love H�rnquist �strand <lha@it.su.se>
365,366c422
< * lib/krb5/principal.c: actually lower case the lower case
< instance name (spotted by Derrick Brashear)
---
> * kdc/hpropd.8: s/databases/a database/ s/Not/not/
368c424,426
< 2002-07-24 Johan Danielsson <joda@pdc.kth.se>
---
> * kdc/hprop.8: add missing .
>
> 2003-01-30 Love H�rnquist �strand <lha@it.su.se>
370,371c428,431
< * fix-export: if DATEDVERSION is set, change the version to
< current date
---
> * lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
> address, write out encryption type in sentences, s/Host/host
>
> 2003-01-26 Love H�rnquist �strand <lha@it.su.se>
373,374c433,435
< * configure.in: don't use AC_PROG_RANLIB, and use magic foo to set
< LTLIBOBJS
---
> * lib/asn1/check-gen.c: add checks for Authenticator too
>
> 2003-01-25 Love H�rnquist �strand <lha@it.su.se>
376c437,438
< 2002-07-04 Johan Danielsson <joda@pdc.kth.se>
---
> * doc/setup.texi: in the hprop example, use hprop and the first
> component, not host
378,379c440,442
< * kdc/connect.c: add some cache-control-foo to the http responses
< (from Gombas Gabor)
---
> * lib/krb5/get_addrs.c (find_all_addresses): address-less
> point-to-point might not have an address, just ignore
> those. Reported by Harald Barth.
381,382c444
< * lib/krb5/addr_families.c (krb5_print_address): don't copy size
< if ret_len == NULL
---
> 2003-01-23 Love H�rnquist �strand <lha@it.su.se>
384c446,447
< 2002-06-28 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/verify_krb5_conf.c (check_section): when key isn't
> found, don't print out all known keys
386,389c449,451
< * kuser/klist.c (display_tokens): don't bail out before we get
< EDOM (signaling the end of the tokens), the kernel can also return
< ENOTCONN, meaning that the index does not exist anymore (for
< example if the token has expired)
---
> * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
> and facility start resp
> (check_log): find_value() returns -1 when key isn't found
391c453,456
< 2002-06-06 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a
> 'const void *' to avoid AES_KEY being exposed in krb5-private.h
>
> * lib/krb5/krb5.conf.5: add [kdc]use_2b
393,394c458,467
< * lib/krb5/changepw.c: make sure we return an error if there are
< no changepw hosts found; from Wynn Wilkes
---
> * kdc/524.c (encode_524_response): its 2b not b2
>
> * doc/misc.texi: quote @ where missing
>
> * lib/asn1/Makefile.am: add check-gen
>
> * lib/asn1/check-gen.c: add Principal check
>
> * lib/asn1/check-common.h: move generic asn1/der functions from
> check-der.c to here
396c469,470
< 2002-05-29 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/asn1/check-common.c: move generic asn1/der functions from
> check-der.c to here
398,399c472,473
< * lib/krb5/cache.c (krb5_cc_register): break out of loop when the
< same type is found; spotted by Wynn Wilkes
---
> * lib/asn1/check-der.c: move out the generic asn1/der functions to
> a common file
401c475
< 2002-05-15 Johan Danielsson <joda@pdc.kth.se>
---
> 2003-01-22 Love H�rnquist �strand <lha@it.su.se>
403,404c477,478
< * kdc/kerberos5.c: don't free encrypted padata until we're really
< done with it
---
> * doc/misc.texi: more text about afs, how to get get your KeyFile,
> and how to start use 2b tokens
406c480,483
< 2002-05-07 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
> <jmc@cvs.openbsd.org>
>
> 2003-01-21 Jacques Vidrine <nectar@kth.se>
408,409c485,486
< * kdc/kerberos5.c: when decrypting pa-data, try all keys matching
< enctype
---
> * kuser/kuser_locl.h: include crypto-headers.h for
> des_read_pw_string prototype
411c488
< * kuser/kinit.1: document -a
---
> 2003-01-16 Love H�rnquist �strand <lha@it.su.se>
413c490
< * kuser/kinit.c: add command line switch for extra addresses
---
> * admin/ktutil.8: document -v, --verbose
415c492,493
< 2002-04-30 Johan Danielsson <joda@blubb.pdc.kth.se>
---
> * admin/get.c (kt_get): make getarg usage consistent with other
> other parts of ktutil
417c495,498
< * configure.in: remove some duplicate tests
---
> * admin/copy.c (kt_copy): remove adding verbose_flag to args
> struct, since it will overrun the args array (from Sumit Bose)
>
> 2003-01-15 Love H�rnquist �strand <lha@it.su.se>
419c500,501
< * configure.in: use AC_HELP_STRING
---
> * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
> ... }
421c503,505
< 2002-04-29 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/aes-test.c: test vectors in aes-draft
>
> * lib/krb5/Makefile.am: add aes-test.c
423,424c507,520
< * lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is
< unknown
---
> * lib/krb5/crypto.c: Add support for AES
> (draft-raeburn-krb-rijndael-krb-02), not enabled by default.
> (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify
> to support checksumtype that are have a shorter wireformat then
> their output block size.
>
> * lib/krb5/crypto.c (struct encryption_type): split the blocksize
> into blocksize and padsize, padsize is the minimum padding
> size. they are the same for now
> (enctype_*): add padsize
> (encrypt_internal): use padsize
> (encrypt_internal_derived): use padsize
> (wrapped_length): use padsize
> (wrapped_length_dervied): use padsize
426,546c522,524
< 2002-04-25 Johan Danielsson <joda@pdc.kth.se>
<
< * configure.in: use rk_DESTDIRS
<
< 2002-04-22 Johan Danielsson <joda@pdc.kth.se>
<
< * lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies
< the principal
<
< 2002-04-19 Johan Danielsson <joda@pdc.kth.se>
<
< * lib/krb5/verify_init.c: fix typo in error string
<
< 2002-04-18 Johan Danielsson <joda@pdc.kth.se>
<
< * acconfig.h: remove some stuff that is defined elsewhere
<
< * lib/krb5/krb5_locl.h: include <sys/file.h>
<
< * lib/krb5/acl.c: rename acl_string parameter
<
< * lib/krb5/Makefile.am: remove __P from protos, and put parameter
< names in comments
<
< * kuser/klist.c: better align some headers
<
< * kdc/kerberos4.c: storage tweaks
<
< * kdc/kaserver.c: storage tweaks
<
< * kdc/524.c: storage tweaks
<
< * lib/krb5/keytab_krb4.c: storage tweaks
<
< * lib/krb5/keytab_keyfile.c: storage tweaks
<
< * lib/krb5/keytab_file.c: storage tweaks; also try to handle zero
< sized keytab files
<
< * lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END
<
< * lib/krb5/fcache.c: storage tweaks
<
< * lib/krb5/store_mem.c: make the krb5_storage opaque, and add
< function wrappers for store/fetch/seek, and also make the eof-code
< configurable
<
< * lib/krb5/store_fd.c: make the krb5_storage opaque, and add
< function wrappers for store/fetch/seek, and also make the eof-code
< configurable
<
< * lib/krb5/store_emem.c: make the krb5_storage opaque, and add
< function wrappers for store/fetch/seek, and also make the eof-code
< configurable
<
< * lib/krb5/store.c: make the krb5_storage opaque, and add function
< wrappers for store/fetch/seek, and also make the eof-code
< configurable
<
< * lib/krb5/store-int.h: make the krb5_storage opaque, and add
< function wrappers for store/fetch/seek, and also make the eof-code
< configurable
<
< * lib/krb5/krb5.h: make the krb5_storage opaque, and add function
< wrappers for store/fetch/seek, and also make the eof-code
< configurable
<
< * include/bits.c: include <sys/socket.h> to get socklen_t
<
< * kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by
< requested KDC-REQ etypes
<
< * kdc/hpropd.c: constify
<
< * kdc/hprop.c: constify
<
< * kdc/string2key.c: constify
<
< * kdc/kdc_locl.h: make port_str const
<
< * kdc/config.c: constify
<
< * lib/krb5/config_file.c: constify
<
< * kdc/kstash.c: constify
<
< * lib/krb5/verify_user.c: remove unnecessary cast
<
< * lib/krb5/recvauth.c: constify
<
< * lib/krb5/principal.c (krb5_parse_name): const qualify
<
< * lib/krb5/mcache.c (mcc_get_name): constify return type
<
< * lib/krb5/context.c (krb5_free_context): don't try to free the
< ccache prefix
<
< * lib/krb5/cache.c (krb5_cc_register): don't make a copy of the
< prefix
<
< * lib/krb5/krb5.h: constify some struct members
<
< * lib/krb5/log.c: constify
<
< * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const
< qualify
<
< * lib/krb5/get_in_tkt.c (krb5_init_etype): constify
<
< * lib/krb5/crypto.c: constify some
<
< * lib/krb5/config_file.c: constify
<
< * lib/krb5/aname_to_localname.c (krb5_aname_to_localname):
< constify local variable
<
< * lib/krb5/addr_families.c (ipv4_sockaddr2port): constify
<
< 2002-04-17 Johan Danielsson <joda@pdc.kth.se>
<
< * lib/krb5/verify_krb5_conf.c: add some log checking
---
> * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key
> function for each enctype in preparation enctypes that uses
> `Encryption and Checksum Specifications for Kerberos 5' draft
548c526,527
< * lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing
---
> * lib/asn1/k5.asn1: add checksum and enctype for AES from
> draft-raeburn-krb-rijndael-krb-02.txt
550c529,530
< 2002-04-16 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
> KEYTYPE_AES256
552,553c532
< * lib/krb5/crypto.c (krb5_crypto_init): check that the key size
< matches the expected length
---
> 2003-01-14 Love H�rnquist �strand <lha@it.su.se>
555c534,535
< 2002-03-27 Johan Danielsson <joda@pdc.kth.se>
---
> * lib/hdb/common.c (_hdb_fetch): handle error code from
> hdb_value2entry
557c537,538
< * lib/krb5/send_to_kdc.c: rename send parameter to send_data
---
> * kdc/Makefile.am: always include kerberos4.c and 524.c in
> kdc_SOURCES to support 524
559,575c540
< * lib/krb5/mk_error.c: rename ctime parameter to client_time
<
< 2002-03-22 Johan Danielsson <joda@pdc.kth.se>
<
< * kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from
< Reinoud Zandijk)
<
< 2002-03-18 Johan Danielsson <joda@pdc.kth.se>
<
< * lib/asn1/k5.asn1: add the GSS-API checksum type here
<
< 2002-03-11 Assar Westerlund <assar@sics.se>
<
< * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
< 18:3:1
< * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0
< * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0
---
> * kdc/524.c: always compile in support for 524
577c542,553
< 2002-03-10 Assar Westerlund <assar@sics.se>
---
> * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4
>
> * kdc/config.c: always compile in support for 524
>
> * kdc/connect.c: always compile in support for 524
>
> * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key()
> even when we build without kerberos 4, 524 needs them
>
> * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out
> Kerberos 4 help functions/structures so other parts of the source
> tree can use it (like the KDC)
579,671d554
< * lib/krb5/rd_cred.c: handle addresses with port numbers
<
< * lib/krb5/keytab_file.c, lib/krb5/keytab.c:
< store the kvno % 256 as the byte and the complete 32 bit kvno after
< the end of the current keytab entry
<
< * lib/krb5/init_creds_pw.c:
< handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way
<
< * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
< handle ports giving for the remote address
<
< * lib/krb5/get_cred.c:
< get a ticket with no addresses if no-addresses is set
<
< * lib/krb5/crypto.c:
< rename functions DES_* to krb5_* to avoid colliding with modern
< openssl
<
< * lib/krb5/addr_families.c:
< make all functions taking 'struct sockaddr' actually take a socklen_t
< instead of int and that acts as an in-out parameter (indicating the
< maximum length of the sockaddr to be written)
<
< * kdc/kerberos4.c:
< make the kvno's in the krb4 universe by the real one % 256, since they
< cannot only be 8 bit, and the v5 ones are actually 32 bits
<
< 2002-02-15 Johan Danielsson <joda@pdc.kth.se>
<
< * lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file
< before we need to write to it
< (from �ke Sandgren)
<
< 2002-02-14 Johan Danielsson <joda@pdc.kth.se>
<
< * configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via
< rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES
< directly
<
< * lib/krb5/rd_safe.c: actually use the correct key (from Daniel
< Kouril)
<
< 2002-02-12 Johan Danielsson <joda@pdc.kth.se>
<
< * lib/krb5/context.c (krb5_get_err_text): protect against NULL
< context
<
< 2002-02-11 Johan Danielsson <joda@pdc.kth.se>
<
< * admin/ktutil.c: no need to use the "modify" keytab anymore
<
< * lib/krb5/keytab_any.c: implement add and remove
<
< * lib/krb5/keytab_krb4.c: implement add and remove
<
< * lib/krb5/store_emem.c (emem_free): clear memory before freeing
< (this should perhaps be selectable with a flag)
<
< 2002-02-04 Johan Danielsson <joda@pdc.kth.se>
<
< * kdc/config.c (get_dbinfo): if there are database specifications
< in the config file, don't automatically try to use the default
< values (from Gombas Gabor)
<
< * lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer
< (from Gombas Gabor)
<
< 2002-01-30 Johan Danielsson <joda@pdc.kth.se>
<
< * admin/list.c: get the default keytab from krb5.conf, and list
< all parts of an ANY type keytab
<
< * lib/krb5/context.c: default default_keytab_modify to NULL
<
< * lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify
< name is specified take it from the first component of the default
< keytab name
<
< 2002-01-29 Johan Danielsson <joda@pdc.kth.se>
<
< * lib/krb5/keytab.c: compare keytab types case insensitively
<
< 2002-01-07 Assar Westerlund <assar@sics.se>
<
< * lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's
< not really a krb5_key_usage). From Ben Harris <bjh21@netbsd.org>
< * lib/krb5/get_in_tkt.c: use krb5_enctype consistently. From Ben
< Harris <bjh21@netbsd.org>
< * lib/krb5/crypto.c: use krb5_enctype consistently. From Ben
< Harris <bjh21@netbsd.org>
< * kdc/kerberos5.c: use krb5_enctype consistently. From Ben Harris
< <bjh21@netbsd.org>